oss-sec mailing list archives
Re: lxc-sshd security issues?
From: "Michael K. Johnson" <johnsonm () rpath com>
Date: Thu, 5 Mar 2009 10:15:50 -0500
On Wed, Mar 04, 2009 at 05:30:33PM -0500, Michael K. Johnson wrote:
I have not received any response to this query upstream, and I was wondering if anyone else has noticed this issue, and if so, if they have any plans with regard to it. rPath isn't shipping lxc at this point, so we have no plans for a security advisory. But does pre-configured account information including root and user passwords bother anyone else here?
I finally got the right contact info upstream, and we're talking about this, so expect it to not be a problem in future releases. For the record, it's dummy auth data, but still could be seen as a backdoor, and will probably be changed to user-configured value.
Current thread:
- lxc-sshd security issues? Michael K. Johnson (Mar 04)
- Re: lxc-sshd security issues? Michael K. Johnson (Mar 05)
- Re: lxc-sshd security issues? Steven M. Christey (Mar 17)
- Re: lxc-sshd security issues? Michael K. Johnson (Mar 18)
- Re: lxc-sshd security issues? Steven M. Christey (Mar 17)
- Re: lxc-sshd security issues? Michael K. Johnson (Mar 05)